IT Security
Don't just scratch the surface of Information Security - Grab a shovel.
http://security.nathanbowman.us/
Nathan Bowman
Feed updated: Mon, 05 Mar 2018 18:18:07 +0000

Exploit.Exercise.com - Nebula - Level03
Published: Sat, 01 Dec 2012 07:09:00 +0000
Updated: 2012-12-01T02:16:30.348-05:00
I decided to try my hand at a war game over at Exploit Exercises. I figured it was a good way to keep my mind sharp. Before reading my spoilers you should give them a try yourself.
I was surprised how easy this level was. According to Exploit Exercises, Nebula Level03:
"Check the home directory of flag03 and take note of the files there.
There is a crontab that is called every couple of minutes
http://security.nathanbowman.us/2012/12/exploitexercisecom-nebula-level03.html

Exploit.Exercise.com - Nebula - Level02
Published: Sun, 19 Aug 2012 17:11:00 +0000
Updated: 2012-08-19T13:16:41.884-04:00
I decided to try my hand at a war game over at Exploit Exercises. I figured it was a good way to keep my mind sharp. Before reading my spoilers you should give them a try yourself.
Level02 is similar to Level01 in that you don't need to know about C++ as much as you need to understand what is going on at the command line. You can see from the level02 code that it executes /bin/echo which
http://security.nathanbowman.us/2012/08/exploitexercisecom-nebula-level02.html

Exploit.Exercise.com - Nebula - Level01
Published: Sat, 18 Aug 2012 06:56:00 +0000
Updated: 2012-08-18T03:25:55.214-04:00
I decided to try my hand at a war game over at Exploit Exercises. I figured it was a good way to keep my mind sharp. Before reading my spoilers you should give them a try yourself.
With level01 you don't need to know about programming in C++ as much as you do about how Linux calls binary commands. So, read the blurb over at Wikipedia about the $PATH variable. The whole point in how the $PATH
http://security.nathanbowman.us/2012/08/exploitexercisecom-nebula-level01.html

Exploit.Exercise.com - Nebula - Level00
Published: Mon, 13 Aug 2012 22:39:00 +0000
Updated: 2012-12-01T02:39:29.120-05:00
I decided to try my hand at a war game over at Exploit Exercises. I figured it was a good way to keep my mind sharp. Before reading my spoilers you should give them a try yourself.
Level00 wants you to find a Set User ID program that is hidden in the filesystem. Level00 says that the SUID program runs as user 'flag00'.
The Linux command find works really well for this task.
The level00
http://security.nathanbowman.us/2012/08/exploitexercisecom-nebula-level00.html

The Brute Force Misconception
Published: Fri, 27 Apr 2012 13:50:00 +0000
Updated: 2012-08-23T09:53:42.432-04:00
The Dream
Not long ago I was doing some research on the topic of brute forcing passwords. I was considering setting up a GPU farm to host a password cracking service. Basically, people would submit password hashes and I would crack them. For a price obviously. I envisioned making millions and getting government contracts.
Unfortunately I didn't get past the research and planning
http://security.nathanbowman.us/2012/04/the-brute-force-misconception.html